How to spot scam emails | Fin24
  • Trump and Tariffs

    Face-to-face trade meetings with China on the horizon.

  • Peter Moyo

    What is next for Old Mutual and its on-and off-again CEO Peter Moyo as legal manoeuverings continue?

  • Fin24’s newsletter

    Sign up to receive Fin24's top news in your inbox every morning.


How to spot scam emails

Jan 17 2016 17:35

Cape Town - One of the primary ways your email account can be hacked is through so-called phishing emails.

Statistics show that in 69% of cases, if you just click on the phishing email or link, you will download a virus (malware) onto your device. If hackers get access to your email account, they can access your personal information and commit fraud.

Kevin Hogan, fraud risk manager at Investec Private Banking, provides tips to help you identify these emails:

Hover over "From”

Probably the easiest way to identify if an email is legitimate or not, is simply to hover your mouse arrow over the name in the "From" column. You will be able to tell if the email is from a recognisable domain that is linked to the actual sender name.

For example, an email from should typically have the "From" domain of "" (not "" or "").

Check if the website address (URL) is legitimate

Another check you can do is to hover over the website address (link) in an email. Make sure the link is legitimate and uses encryption (https://). To be extra cautious, always open a new window and go to the site directly without clicking on the link in the email.

Check for incorrect grammar and spelling

Many hackers misspell words on purpose. While it may seem that this would easily reveal an illegitimate email, it is actually a tactic they use to find less savvy users. If hackers get a response from a poorly written email, they know the individual is an easy target.

Only plain text or absence of logos

Most legitimate emails are a mix of text and images and written with HTML. A phishing email may be without any images or company logos. If the email is all plain text and looks different from what you usually get from a sender, it is best to ignore the email.

The message body is an image

A common tactic of many hackers is to use an image only for the entire message. Legitimate emails are a mix of text and images. As an extra precaution, check for embedded links within the image (hover over it).

It requests personal information

A common tactic is an urgent email alert requesting you to provide and/or update your personal information about an account (for instance bank account details or account password). Because of this "urgent" request, you might be more tempted to click on a malicious web address or download an attachment. By doing this, your computer could be infected or your personal information stolen.

It contains suspicious attachments

The majority of financial institutions or retailers will not send out attachments by email. If an email in your inbox claims to be from your bank and it has an attachment, be very careful. High risk attachment file types include .exe, .scr, .zip, .com or .bat.

Urgent or too good to be true

If an email seems too good to be true, it most likely is. Be cautious about any message offering to transfer money into your bank account by simply "clicking here". Also, if the content urges you to "click into your account now", it is most likely a scam and you should mark it as "junk".

Your email address listed as the "From" address

If your email address is the "From" address, it is a sign of a fake message. In addition, if the "To" field shows a large list of recipients, you should also be cautious. Legitimate emails are sent directly to you and only you.

You may see "undisclosed recipients" and this is something to keep an eye on as well. It could be valid, but double check by using the other tips above.

IP (Internet Protocol) reputation

If you can easily identify the sending IP of an email, you can look up its reputation through Return Path’s Sender Score site. This tool will reveal a score (0-100) and will be able to give you more insight into IPs' historical performance. The lower the score, the more likely the email is a phishing or spoofing attempt.

investec  |  financial services  |  tech  |  scams


Company Snapshot

Money Clinic

Money Clinic
Do you have a question about your finances? We'll get an expert opinion.
Click here...

Voting Booth

What's your view on deep sea mining?

Previous results · Suggest a vote